Remote Offensive Security Engineer
dLocal
πRemote - Brazil, Uruguay
Please let dLocal know you found this job on JobsCollider. Thanks! π
Job highlights
Summary
Join a global team that makes it possible for merchants to collect payments in emerging markets. As a Security Engineer, you will assess network, environment, or technologies; write tooling to assist with offensive security assessment; conduct discovery activities to map environments; build, conduct, and participate in offensive security exercises; perform penetration testing, vulnerability scanning, code reviews, and design/architecture reviews.
Requirements
- Advanced background in Offensive Security (Red Team active participation)
- Strong understanding of vulnerabilities, common attack vectors and how to solve/fix them
- A great eye to identify/analyze attacks on company assets and also simulate internal/external attacks (Ethical Hacker mindset)
- Well-rounded background in host, network and application security (Web, API and Mobile)
- Huge familiarity with threat analysis (malware, phishing, social engineering, etc)
- Attacker mindset ability to think about creative threats and attack vectors
- Knowledge in tailored reconnaissance, weaponization, exploitation and lateral movement
- Know-How of Threat modeling in a cloud environment
- Experience with common security tools including but not limited to: Nmap, SQLmap, Metasploit, Kali Linux (OS), Burp Suite, Qualys/WAS, ZAP Proxy, Prowler, Censys/Shodan and others
- Familiarity with implementation and maintenance of SAST/DAST/IAST sensors
- In-depth knowledge of OWASP10, SANS25 and other world-known security frameworks
- Understanding of a complete SDLC and how to make it secured (S-SDLC)
- Familiarity with Cloud platforms (AWS or equivalent)
- Ability to lead people to problem resolution when it comes to Security (Integrate teams, especially Engineering Team)
- Effective written and oral communication involving both business and technical sides of the business
- Quickly identify issues and solve them
- Ability to present technical risks to a broader audience (both written and spoken)
Responsibilities
- Assess network, environment, or technologies
- Write tooling to assist with offensive security assessment
- Conduct discovery activities to map environments
- Build, conduct, and participate in offensive security exercises
- Perform penetration testing (application, API, mobile, infrastructure), vulnerability scanning (internal and external), code reviews and design/architecture reviews
- Work closely with development teams to mitigate or remediate security vulnerabilities
- Empower developers to do their jobs securely without creating additional friction
- Educate our engineers about security in application code and infrastructure
- Educate our non-technical employees about security good practices and attacks
- Assist in Incident Response activities (if it involves Security)
Preferred Qualifications
- Experience on research of vulnerabilities and development of exploitation tools
- Building and automating common Red Team processes and activities
- Knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale
- Certification or equivalent knowledge (DCPT/OSCP/OSCE/OSWP/OSWE/CEH)
- Exposure to PCI-DSS framework or any other relevant security standard will be valued
- Have previously participated as speaker (or just participated in the activities) on Security conferences like DefCon, MindTheSec, EkoParty, Hackaflag, Bhack, You sh0t the sheriff, CryptoRave, etc
- Active participation in CTFs and also Bug Bounty programs
Share this job:
Disclaimer: Please check that the job is real before you apply. Applying might take you to another website that we don't own. Please be aware that any actions taken during the application process are solely your responsibility, and we bear no responsibility for any outcomes.
Similar Remote Jobs
- π°$110k-$140kπUnited States
- π°$120k-$175kπUnited States, Canada
- π°$120k-$175kπUnited States, Canada
- πUnited States
- πUnited States, Canada
- πUnited States
- πUnited States, Canada
- πUnited States, Canada
- πUnited States, Canada
- πUnited States
Please let dLocal know you found this job on JobsCollider. Thanks! π